CVE-2017-12623

medium

Published 2017-10-10 · Modified 2023-11-08

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2

4.0

VIR risk

6.5

Description

XML External Entity Reference in Apache NiFi

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: security@apache.org — https://nifi.apache.org/security.html#CVE-2017-12623

Ecosystem	Package	Vulnerable	Fixed
Maven	org.apache.nifi:nifi	`>=1.0.0,<1.4.0`	`1.4.0`

Vendor	Product	Versions
apache	nifi	`1.0.0`
apache	nifi	`1.0.1`
apache	nifi	`1.1.0`
apache	nifi	`1.1.1`
apache	nifi	`1.1.2`
apache	nifi	`1.2.0`
apache	nifi	`1.3.0`

CWE-611

Verify integrity in audit chain (admin only). AS-IS.